MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e86fd29446566f02088cc93deb2449d5aa7febf4ced0a41d36095520737f0338. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e86fd29446566f02088cc93deb2449d5aa7febf4ced0a41d36095520737f0338
SHA3-384 hash: 05b150699bd4224c17771aa28bc4fd9b3edf8d5ac777bebf488c2b02c608d459b69eb324ec0a83859689114a30eb89dd
SHA1 hash: c1b622f311ffa1194194a66e3d922e58b6e9402d
MD5 hash: ad535bbe748d1f76fe956281e186b195
humanhash: romeo-cat-july-louisiana
File name: DOC Scanned_0897506302020.exe
Signature: Formbook
File size: 622'592 bytes
First seen: 2020-06-30 06:29:30 UTC
Last seen: 2020-06-30 07:45:41 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 6144:zQKaKSeufg8+Kn9yRIN23yi3vfoppn4PW13HQ3HLAHrzQV/:shVfg8+K0R3j3vQ4PW13HQ3HMHrzQV/
TLSH: 41D4193E7DC1E46CE021DD7280EE1D909367E8B12363960F6F4A7B74199C14AEE1A23D
Reporter: @abuse_ch
Tags: exe FormBook


Twitter, @abuse_ch:
Malspam distributing Formbook:

HELO: longrichplc.chickenkiller.com
Sending IP: 185.236.231.55
From: Kyung Soon <bgtsnvcgleznrh@longrichplc.chickenkiller.com>
Subject: ORD# 08097878-06/30/2020 04:58:09 am
Attachment: DOC Scanned_0897506302020.xlsx.img (contains "DOC Scanned_0897506302020.exe")
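The entry above gives two things a mail-gateway analyst can act on: the four digests and size of the dropped executable, and the delivery indicators quoted in the reporter's tweet (HELO, sending IP, sender domain, and an Office-looking attachment wrapped in a .img disk image). The script below is an added example, not abuse.ch or MalwareBazaar code. The indicator values are copied from this page; the log-line format (a Postfix-style smtpd line with an attachment="..." field appended by a hypothetical gateway, which Postfix itself does not log), the three sample log lines, and the DISK_IMAGE_LURE rule that generalises this lure to other document-in-disk-image names are assumptions constructed for the example.

```python
"""Triage helper built from the indicators on this page.

Added example; not abuse.ch or MalwareBazaar code. Two checks a mail-gateway
analyst would run with the data above:
  1. hash a suspect attachment with the four algorithms the entry lists and
     compare it to the entry (size is checked first as a cheap pre-filter);
  2. scan mail-gateway log lines for the malspam indicators quoted from the
     reporter's tweet (HELO, sending IP, sender domain, attachment name).
The log-line format and the sample lines are constructed for this example.
"""
import hashlib
import re

# Values copied from the entry above.
ENTRY_HASHES = {
    "sha256": "e86fd29446566f02088cc93deb2449d5aa7febf4ced0a41d36095520737f0338",
    "sha1": "c1b622f311ffa1194194a66e3d922e58b6e9402d",
    "md5": "ad535bbe748d1f76fe956281e186b195",
    "sha3_384": "05b150699bd4224c17771aa28bc4fd9b3edf8d5ac777bebf488c2b02c608d459b69eb324ec0a83859689114a30eb89dd",
}
ENTRY_SIZE = 622592  # bytes
MALSPAM_IOCS = {
    "helo": "longrichplc.chickenkiller.com",
    "sending_ip": "185.236.231.55",
    "sender_domain": "longrichplc.chickenkiller.com",
    "attachment": "DOC Scanned_0897506302020.xlsx.img",
}


def hash_report(data: bytes) -> dict:
    """Hex digests of data under the same four algorithms the entry lists."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_entry(data: bytes, entry: dict = ENTRY_HASHES, size: int = ENTRY_SIZE) -> bool:
    """True only if the size and every listed digest match; one mismatch means a different file."""
    if len(data) != size:
        return False
    report = hash_report(data)
    return all(report[alg] == digest.lower() for alg, digest in entry.items())


# Assumed log shape (constructed): a Postfix-style smtpd line to which a
# gateway has appended attachment="<name>". Postfix itself does not log that field.
LOG_RE = re.compile(
    r'client=(?P<helo>[\w.-]+)\[(?P<ip>[\d.]+)\].*?from=<(?P<sender>[^>]*)>'
    r'(?:.*?attachment="(?P<attachment>[^"]*)")?'
)
# Generalisation of the lure on this page (assumption): an Office/PDF-looking name
# wrapped in a disk-image extension (.img/.iso), so the file mounts rather than opens.
DISK_IMAGE_LURE = re.compile(r"\.(docx?|xlsx?|pptx?|pdf)\.(img|iso)$", re.I)


def score_log_line(line: str, iocs: dict = MALSPAM_IOCS) -> list:
    """Return the names of the indicators a single log line matches, in a fixed order."""
    m = LOG_RE.search(line)
    if not m:
        return []
    hits = []
    if m["helo"].lower() == iocs["helo"]:
        hits.append("helo")
    if m["ip"] == iocs["sending_ip"]:
        hits.append("sending_ip")
    if m["sender"].rpartition("@")[2].lower() == iocs["sender_domain"]:
        hits.append("sender_domain")
    attachment = m["attachment"] or ""
    if attachment == iocs["attachment"]:
        hits.append("attachment")
    elif DISK_IMAGE_LURE.search(attachment):
        hits.append("disk_image_lure")
    return hits


def scan_log(text: str) -> list:
    """(line number, hits) for every line that matched at least one indicator."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        hits = score_log_line(line)
        if hits:
            results.append((number, hits))
    return results


# Constructed sample log: line 1 mirrors the tweet's headers, line 2 is benign,
# line 3 is a different sender using the same disk-image lure.
SAMPLE_LOG = """\
Jun 30 06:29:10 mx1 postfix/smtpd[2817]: client=longrichplc.chickenkiller.com[185.236.231.55], from=<bgtsnvcgleznrh@longrichplc.chickenkiller.com> attachment="DOC Scanned_0897506302020.xlsx.img"
Jun 30 06:31:44 mx1 postfix/smtpd[2820]: client=mail.example.net[198.51.100.7], from=<alice@example.net> attachment="Q2-report.xlsx"
Jun 30 06:40:02 mx1 postfix/smtpd[2831]: client=smtp.example.org[203.0.113.9], from=<billing@example.org> attachment="invoice.pdf.iso"
"""

if __name__ == "__main__":
    for number, hits in scan_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
    print("constructed bytes match the entry:", matches_entry(b"not the sample"))
```

Matching on all four digests plus size is deliberate: a single disagreeing digest means a different file, and the size check avoids hashing large attachments that cannot be this sample. The disk_image_lure hit fires on the third constructed line even though none of the tweet's exact indicators appear, which is the point of generalising from one entry to the delivery pattern.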

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 36
Origin country: FR
CAPE Sandbox Detection: Formbook
Link: https://www.capesandbox.com/analysis/16821/
ClamAV: SecuriteInfo.com.Formbook.17664.12674.UNOFFICIAL
CERT.PL MWDB Detection: formbook
Link: https://mwdb.cert.pl/sample/e86fd29446566f02088cc93deb2449d5aa7febf4ced0a41d36095520737f0338/
ReversingLabs Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Injector
First seen: 2020-06-30 06:31:05 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage Score: 8/10
Malware Family: n/a
Link: https://tria.ge/reports/200630-pjkcq2wxvs/
Tags: spyware evasion trojan persistence
VirusTotal results: 20.83%

Yara Signatures


Rule name: Formbook
Author: JPCERT/CC Incident Response Group
Description: detect Formbook in memory
Reference: internal research
Rule name: win_formbook_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: MD5 e658402b25e264ac4da5fdc74c971b77
This sample: Executable exe, SHA256 e86fd29446566f02088cc93deb2449d5aa7febf4ced0a41d36095520737f0338 (signature: Formbook)
Delivery method: Distributed via e-mail attachment

Comments